Yes, scraping public data in China is legally permissible under strict conditions, but unauthorized extraction or commercial use may violate privacy and cybersecurity laws. The Cyberspace Administration of China (CAC) and local regulators enforce rules like the 2022 Data Security Law (DSL) and 2021 Personal Information Protection Law (PIPL), which require compliance with data localization, consent, and cross-border transfer restrictions. Recent 2026 draft guidelines from the CAC further emphasize “legitimate interests” and “necessity” tests for data processing, signaling tighter scrutiny.
Key Regulations for Scraping Public Data in China
-
Data Security Law (DSL, 2022): Mandates that public data scraping must not compromise national security or disrupt public order. Entities must classify data as “important,” “core,” or “general” and adhere to tiered protection measures. Unauthorized scraping of “important data” (e.g., industrial statistics) triggers penalties under Articles 27–29.
-
Personal Information Protection Law (PIPL, 2021): Prohibits scraping personal data from public sources without explicit consent or a statutory basis (e.g., public interest). Violations incur fines up to 50 million RMB or 5% of annual revenue under Article 66. The CAC’s 2024 enforcement notices target “excessive” scraping of social media profiles.
-
Cyberspace Administration of China (CAC) Guidelines (2026 Draft): Introduce a “three-step compliance framework” for public data scraping: (1) verify data is truly public (not derived from private interactions), (2) document the “legitimate interest” justification, and (3) conduct a risk assessment for re-identification risks. Non-compliance may result in blacklisting under the 2025 “Social Credit System for Data Processors.”